Forum Discussion
Access Azure Key Vault and/or Azure Storage via Site to Site VPN from local network.
This is a roadmap item for Key Vault. The solution will provide a private IP address within your VNET that maps to your Key Vault instance. The private IP will be accessible over ER, S2S VPN, P2S VPN. In the short term, a potential workaround could be using AzFW as a TCP broker. AzFW provides a private IP facing on-premises (S2S VPN); you enable service endpoints on the AzFW subnet and you whitelist the vnet/subnet/AzFW to have access to Key Vault. You can further whitelist the FQDN of Key Vault on AzFW as well.
Jason Gmitter, would it be possible for you to provide some Azure CLI examples of setting up the workaround? My issue is that I don't have a "sandbox" to test things out in and I need to provide ideas to the implementation team. Thanks for this response btw, it helps a lot!
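Added example (not part of the original thread and not from either poster): the Azure CLI steps for the workaround described in the first reply, covering the service endpoint on the firewall subnet, the Key Vault network rule, and the FQDN allow rule on AzFW. Resource names, the on-premises CIDR, the rule collection name and the priority are placeholder assumptions; the `az network firewall` commands need the `azure-firewall` CLI extension, and routing of on-premises traffic to the firewall is not shown because the thread does not specify it.

```shell
#!/usr/bin/env bash
# Added example. Every name below is a placeholder (assumption), not a value from the thread.
RG="${RG:-rg-network}"                      # placeholder resource group
VNET="${VNET:-vnet-hub}"                    # placeholder VNet that hosts the firewall
FW="${FW:-azfw-hub}"                        # placeholder Azure Firewall name
VAULT="${VAULT:-kv-example}"                # placeholder Key Vault name
ONPREM_CIDR="${ONPREM_CIDR:-10.10.0.0/16}"  # placeholder range behind the S2S VPN
AZ="${AZ:-az}"                              # AZ=echo prints the commands instead of running them

# 1. Service endpoint for Key Vault on the firewall subnet
#    (Azure requires that subnet to be named AzureFirewallSubnet).
enable_service_endpoint() {
  $AZ network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name AzureFirewallSubnet --service-endpoints Microsoft.KeyVault
}

# 2. Vault firewall: allow the firewall subnet first, then switch the default to Deny.
#    Reversing the order locks everyone out; Deny also cuts off any client that is
#    not covered by a rule, so check existing consumers of the vault beforehand.
restrict_vault() {
  $AZ keyvault network-rule add --resource-group "$RG" --name "$VAULT" \
    --vnet-name "$VNET" --subnet AzureFirewallSubnet &&
  $AZ keyvault update --resource-group "$RG" --name "$VAULT" --default-action Deny
}

# 3. AzFW application rule: on-premises sources may reach only this vault's FQDN over HTTPS.
allow_vault_fqdn() {
  $AZ network firewall application-rule create --resource-group "$RG" \
    --firewall-name "$FW" --collection-name kv-allow --name "$VAULT" \
    --priority 200 --action Allow --protocols Https=443 \
    --source-addresses "$ONPREM_CIDR" --target-fqdns "$VAULT.vault.azure.net"
}

plan() { enable_service_endpoint && restrict_vault && allow_vault_fqdn; }

# Nothing is changed unless the script is invoked with "apply".
if [ "${1:-}" = "apply" ]; then plan; fi
```

Running the script with `AZ=echo` and the `apply` argument prints the four commands for review before anything is changed.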